CVE-2023-46808

CVE Database · CVE-2023-46808

CVE-2023-46808

· CRITICALModified

CVSS v3.1

9.9

EPSS

2.00%

Published

Mar 30, 2024

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434CWE-434

Affected Products (1)

ivanti · neurons_for_itsm (up to 2023.4)vulnerable

References (2)

https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM

Vendor Advisory

https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs